What actions should Risk and Compliance Directors be taking to assess effective oversight of Appointed Representatives? Our Experts provide insights.

The FCA recently published its views on effective oversight of Appointed Representatives (ARs) and Introducer Appointed Representatives (IARs). In this article we discuss the FCA’s recent publication with our insights for Risk and Compliance Directors.

“Principal firms must oversee their appointed representatives (ARs) effectively and are responsible for making sure their ARs comply with our rules in relation to their activities as ARs.”

Source: Principal firms embedding the new rules for effective appointed representative oversight: Good practice and areas for improvement | FCA

What is the issue?

Put simply, the FCA publication concludes that some effort has been made to embed requirements, but there is more to do. The FCA is holding Principals to account. Whilst ARs and IARs bring significant benefits to a business, they also pose significant risks which require mitigation and monitoring. Looked at in this way, the FCA’s requirements in PS22/11 are the basics. A culture of risk assessment and risk management should deliver a more controlled way of derisking the benefits ARs and IARs can bring.

A recap on the background

The Appointed Representative regime has been a longstanding feature of UK financial services legislation – as far back as the original Financial Services Act 1986 for investment business. It was extended to a broader range of financial activities in the Financial Services and Markets Act 2000, including an important change allowing ARs to conduct a regulated activity independent of the principals’ activities. This change in legislation has enabled some 40,000 individuals and businesses to operate in the Financial Sector without direct authorisation, which is almost equal to the number of current directly authorised firms. The requirements in PS22/11 set about clarifying expectations of principals and improving data available to the FCA to monitor risks.

A few clear themes arise from the FCA’s recent review:

  • Inadequate risk assessment and understanding of the AR business, both financial sector and other business, at onboarding and on an ongoing basis.
  • A tick-box approach to onboarding and oversight, both failing to adequately cover the requirements of SUP 12.6 (Continuing obligations of firms with appointed representatives or FCA registered tied agents) and failing to adequately assess risks and information.
  • Insufficient identification or monitoring of risk factors that could indicate a potential for consumer harm.
  • Inadequate reporting to Boards and a lack of discussion of risks.
  • Inadequate attention to contracts such as clearly setting out the regulated activities an AR or IAR is permitted to do, and termination rights.
  • Insufficient systems and controls, frameworks, reporting, MI, and documentation in place to effectively manage the AR arrangements and demonstrate action is taken when issues arise.

Potential areas to consider

Covering all the requirements in SUP 12.6 is a good start, but understanding the inherent risks of the AR model, its role in a sector, and sufficient data about the AR population will support a more targeted and effective risk framework. Some examples are:

  • AR models can be attractive to those who would not meet the FCA’s standards for direct authorisation, for example individuals with poor advice records. Due diligence should raise any issues, and a strong risk appetite should guide actions to take on or reject an AR application. If taking on, additional controls and monitoring may be needed.
  • Due diligence should be thorough, for example, any evidence of prior directorships where companies have been dissolved, high numbers of complaints, or censure by any bodies should require careful assessment. ARs or IARs with overseas businesses may have higher risk profiles or may require additional effort to assess.
  • Onboarding and ongoing oversight require a sufficient understanding of the AR’s business (both financial sector regulated and unregulated activities, and other businesses). Good questions are: what businesses does the AR operate? How does it make its money?
  • These questions might extend to Directors of ARs and other businesses they operate. If the business is significantly larger or complex, it may present a significantly higher risk, particularly if the principal is considerably smaller and reliant on fees from the AR. There may be other relevant regulations or regulators to consider, such as anti-money laundering regulations or ICO regulations.
  • Changes to an AR’s business, for example sudden growth, changes in leadership or high turnover, or changes to other business activities, are all risk factors to monitor. They may trigger increased monitoring or investigation.
  • Ongoing monitoring should be sufficiently regular and robust, covering a range of metrics to spot issues early. It should include actual testing of AR outputs such as advice, customer engagement, financial promotions, websites, or social media. Ensure consumer feedback or complaints go to the principal unfiltered.
  • Relying on ARs to self-disclose is not, as the FCA notes, sufficient, as it is the principal’s, not the AR’s, duty to complete the annual assessment.
  • In a three lines of defence model, onboarding and ongoing monitoring of ARs’ activities should sit with the first line. A clear framework for determining risks or issues that require additional investigation or monitoring will support clear and consistent decision making.
  • A second line review may want to consider whether all elements of SUP 12.6 are in place, the quality of risk identification and effectiveness of controls, and whether first line resources are sufficient (both number and competence) to conduct adequate monitoring. Monitoring is complex; those tasked with monitoring should be able to assess a broad range of information and make judgements about financial stability, business activities and potential for consumer harm.
  • Governance, reporting and MI should be clear, with active engagement of the Board. Evidencing active discussions and actions taken is an important discipline in demonstrating strong governance.
  • Requirements for Introducer Appointed Representatives are less onerous, reflecting their more limited role. However, the risk assessment, onboarding and ongoing monitoring points are no less relevant. Principals of IARs should be equally diligent in their onboarding assessments of IARs and have sufficient resources to monitor IARs. A thorough risk assessment should determine if higher levels of monitoring are needed.

If you require support or would like to discuss any of these topics, please speak to Richard Barnwell (Richard.barnwell@bdo.co.uk) or Nicola Ball (Nicola.ball@bdo.co.uk).

BDO UK LLP is the 5th largest tax, audit, and advisory firm in the UK. The BDO financial services advisory practice is a team of over 180 specialists, including ex-regulators and people who have held senior positions in regulated firms. This experience helps financial services clients to understand the impact of regulation and mitigate risk.
